
Re: XML certificate ...

From: Carl Ellison <cme@jf.intel.com>
Date: Wed, 10 May 2000 12:37:07 -0700
Message-Id: <3.0.3.32.20000510123707.00bb0400@ibeam.jf.intel.com>
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc: Ken Goldman <kgold@watson.ibm.com>, w3c-ietf-xmldsig@w3.org

At 02:34 PM 5/10/00 -0400, Donald E. Eastlake 3rd wrote:
>Why, for the certificate application, would you use a certificate as
>KeyInfo?  Why not just issuer and serial number? Or omit the KeyInfo
>entirely and encode signer information elsewhere in the XML
>certificate.  This seems like a good example of the need for
>flexibility in the format and optional presence of KeyInfo.

(issuer, serial number) is from the X.509 world and is one of the ways X.509 
is broken.

"issuer" is a DN and might identify an issuer, if DNs were from a 
singly-rooted name space, as was the original plan in X.500.  DNs are not 
singly-rooted and never will be -- so using a DN as an identifier is broken.




+--------------------------------------------------------+
|Carl Ellison      Intel             E: cme@jf.intel.com |
|2111 NE 25th Ave  M/S JF3-212       T: +1-503-264-2900  |
|Hillsboro OR 97124                  F: +1-503-264-6225  |
|PGP Key ID: 0xFE5AF240              C: +1-503-819-6618  |
|  1FDB 2770 08D7 8540 E157  AAB4 CC6A 0466 FE5A F240    |
+--------------------------------------------------------+
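To make the collision Carl describes concrete, here is an added example (mine, not code from this thread or from any XMLDSig implementation) that resolves a ds:KeyInfo against two constructed stand-in certificates. The element names are XMLDSig's X509IssuerSerial form; the CA name, serials and key bytes are constructed, and the namespace is the final REC one rather than the 2000 draft.

```python
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XMLDSig REC namespace (assumption: not the 2000 draft URI)

# Constructed stand-ins for certificates: only the fields the argument needs.
# Two unrelated CAs can both call themselves "CN=Example CA" because DNs are
# not a singly-rooted name space, so (issuer, serial) can legitimately collide.
CONSTRUCTED_CERTS = [
    {"issuer": "CN=Example CA", "serial": 1001, "subject": "CN=alice",
     "spki": b"constructed-DER-SubjectPublicKeyInfo-of-alice"},
    {"issuer": "CN=Example CA", "serial": 1001, "subject": "CN=mallory",
     "spki": b"constructed-DER-SubjectPublicKeyInfo-of-mallory"},
]

# Constructed <KeyInfo> in the X509IssuerSerial form suggested in the thread.
KEYINFO_ISSUER_SERIAL = """<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <X509Data><X509IssuerSerial>
    <X509IssuerName>CN=Example CA</X509IssuerName>
    <X509SerialNumber>1001</X509SerialNumber>
  </X509IssuerSerial></X509Data>
</KeyInfo>"""


def spki_fingerprint(spki_der: bytes) -> str:
    """Hash of the public key itself: depends on no name space at all."""
    return hashlib.sha256(spki_der).hexdigest()


def candidates_by_issuer_serial(keyinfo_xml: str, certs: list) -> list:
    """All certs matching (issuer DN, serial); more than one means the reference is ambiguous."""
    root = ET.fromstring(keyinfo_xml)
    issuer = root.findtext(f".//{DS}X509IssuerName")
    serial = int(root.findtext(f".//{DS}X509SerialNumber"))
    return [c for c in certs if c["issuer"] == issuer and c["serial"] == serial]


def resolve_by_fingerprint(fingerprint: str, certs: list):
    """Lookup keyed on the key's own hash; returns the single match or None."""
    matches = [c for c in certs if spki_fingerprint(c["spki"]) == fingerprint]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    hits = candidates_by_issuer_serial(KEYINFO_ISSUER_SERIAL, CONSTRUCTED_CERTS)
    print("issuer/serial candidates:", [c["subject"] for c in hits])  # two hits: ambiguous
    fp = spki_fingerprint(CONSTRUCTED_CERTS[0]["spki"])
    print("fingerprint resolves to:", resolve_by_fingerprint(fp, CONSTRUCTED_CERTS)["subject"])
```

A verifier that accepts the (issuer, serial) reference here has no principled way to pick alice over mallory; keying on the public key (or a hash of it, which is what a KeyValue or a fingerprint gives you) has no such ambiguity.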
Received on Wednesday, 10 May 2000 15:37:12 GMT
